I’m working on a web service providing user application authorization information based on web service. The basic idea is to expose application authorization data through a web service and remove any need to implement similar functionality in each application and centralize the administration of user profiles and authorizations.
Like any other web services once deployed, all applications will be dependent on this basic user authorization services. It requires that the authorization service must offer backward compatibility and extensibility to support applications that live on their own life cyles.
A versioning strategy is shown in the following:
All types are defined in XSD and their namespaces are date-stamped. Ex.,
<s:schema
xmlns:s=“http://www.w3.org/2001/XMLSchema”
targetNamespace=“http://tempuri.org/2004/02/16/types/”
xmlns=“http://tempuri.org/2004/02/16/types/”
>
<s:complexType name=“User”>
<s:sequence>
<s:element name=“FirstName” type=“s:string”/>
<s:element name=“LastName” type=“s:string”/>
</s:sequence>
</s:complexType>
</s:schema>
All WSDL are stored as files that reference the XSD for exposing types. Ex.,
<definitions
name=“UserAuthorizationService”
targetNamespace=“http://tempuri.org/2004/02/16/UserAuthorizationService/”
xmlns=“http://schemas.xmlsoap.org/wsdl/”
>
<import namespace=“http://tempuri.org/2004/02/16/types/”
location=“UserAuthorization.xsd” />
<types />
<message />
<portType />
<!– concrete definitions –>
<binding />
<service />
</definition>
When implementing web services, the binding is done with import of a particular WSDL such as http://localhost/2004/02/16/UserAuhtorizationService.wsdl, insetad of relying on ASP.NET auto-generated WSDL on an endpoint.
When the service interface changes, a new WSDL is created and a new endpoint is created as well for the new interface. Ex, these are two versions of the service with two distinct endpoints.
http://localhost/2004/02/16/UserAuthorizationService.wsdl and http://localhost/2004/02/16/UserAuthorization.asmx
http://localhost/2004/03/UserAuthorizationService.wsdl and http://localhost/2004/03/UserAuthorization.asmx
Here’re some related resources:
Designing Application-Managed Authorization
XML Versioning